Prevent external redirects

2025-08-07 18:58:30 +02:00 · 2022-03-25 18:29:54 +01:00
parent 1ffc3e0266
commit edb71286e7
11 changed files with 94 additions and 40 deletions
--- a/bookmarks/utils.py
+++ b/bookmarks/utils.py
@@ -95,3 +95,10 @@ def parse_timestamp(value: str):

    # Timestamp is out of range
    raise ValueError(f'{value} exceeds maximum value for a timestamp')
+
+
+def get_safe_return_url(return_url: str, fallback_url: str):
+    # Use fallback if URL is none or URL is not on same domain
+    if not return_url or not return_url.startswith('/'):
+        return fallback_url
+    return return_url